Juniper Configuration
Most proprietary switches provide a CLI for interactive use, but do not provide a mean of applying this configuration from a Unix command line
JunOS is proprietary, but provides a far better story:
- A sandboxed FreeBSD 12 userland with OpenSSH
- Tools for loading, merging and displaying the diff of a configuration
These are notes on configuring the Juniper EX2300-C-12P using rset(1).
USB console
Juniper switches can be accessed using a USB cable since have a built-in UART
uslcom0 at uhub0 port 4 configuration 1 interface 0 "Silicon Labs CP2104 USB to UART Bridge Controller" rev 2.00/1.00 addr 8 ucom0 at uslcom0 portno 0
To switch output to the USB console run
set system ports auxiliary port-type mini-usb
Manual configuration can now be handled from my from my OpenBSD router using
cu -l cuaU0
Configuring SSH
The next step is to establish network access using a management interface
set interfaces me0 unit 0 family inet address 192.168.0.7/24
Optionally disable the alarm LED if this interface will only be used for unitial provisioning
set chassis alarm management-ethernet link-down ignore
Set accepted cypers
set system services ssh hostkey-algorithm ssh-ed25519
Add users
set system login user eradman class super-user set system login user eradman authentication ssh-ed25519 "ssh-ed25519 key..."
Once we have settled on a network design we can bring up a layer 3 interface and assign an IP address that is accessible on a VLAN instead
set interfaces irb unit 80 description wired-network set interfaces irb unit 80 family inet address 192.168.0.7/24
Upgrading JunOS
> show version > request system software add http://192.168.0.11/junos-arm-32-18.2R3-S5.3.tgz reboot
Or if there isn't enough space
> request system software add http://192.168.0.11/junos-arm-32-18.2R3-S5.3.tgz force unlink no-copy
Router Uplink
First we'll define the vlans on the switch
# juniper/ex2300-c set vlans vlan80 description wired set vlans vlan80 vlan-id 80 set vlans vlan80 l3-interface irb.80 set vlans vlan81 description wireless set vlans vlan81 vlan-id 81 set vlans vlan81 l3-interface irb.81
Set interfaces to
trunk
mode to accept 802.1q frames
edit interfaces ge-0/0/0 set description "Uplink to router" edit unit 0 family ethernet-switching set interface-mode trunk set vlan members vlan80 set vlan members vlan81 exit exit
Aggregate Links
Tagged or untagged interfaces may be set up for redundancy
set interfaces ge-0/0/10 ether-options 802.3ad ae0 set interfaces ge-0/0/11 ether-options 802.3ad ae0 edit interfaces ae0 set description "e300 cnmac3,cnmac4" set aggregated-ether-options lacp active edit unit 0 family ethernet-switching set interface-mode trunk set vlan members vlan80 set vlan members vlan81 exit exit
POE
JunOS is far more adaptable to configuration management than most switches
since changes stage before committing. Another feature is the ability to
clear a section using
delete
to ensure the entire category has been redefined
delete poe set poe interface ge-0/0/6 set poe interface ge-0/0/7
Routed VLANs
By assigning an IP address to each VLAN L3 interface traffic can be routed between LANs on the switch
set interfaces irb unit 80 family inet address 192.168.0.7/24 set interfaces irb unit 81 family inet address 192.168.1.7/24 set interfaces irb unit 80 family inet6 address fd00:50::7/64 set interfaces irb unit 81 family inet6 address fd00:51::7/64 set routing-options static route 0.0.0.0/0 next-hop 192.168.0.3 set routing-options rib inet6.0 static route ::/0 next-hop fd00:50::3
SRX Series
Juniper SRX firewalls can also be used as a switch by enabling
packet mode
delete security edit security forwarding-options family set iso mode packet-based set inet6 mode packet-based set mpls mode packet-based exit
Alarm Status
If the alarm light is on, the system may be missing a last-known-working
configuration, or the recovery partition may not be ready. Use
show system alarms
to show known issues.
# mirror state
request system configuration rescue save
request system autorecovery state save
Links
fs.com has everything need to assemble tidy cabling and are very easy to use: